dependabit / manifest/src / mergeManifests

Function: mergeManifests()

function mergeManifests(
   existing, 
   updated, 
   options?): {
  dependencies: {
     accessMethod: "context7" | "arxiv" | "openapi" | "github-api" | "http";
     auth?: {
        secretEnvVar?: string;
        type: "token" | "oauth" | "basic" | "none";
     };
     changeHistory: {
        detectedAt: string;
        falsePositive: boolean;
        issueNumber?: number;
        newVersion?: string;
        oldVersion?: string;
        severity: "breaking" | "major" | "minor";
     }[];
     currentStateHash: string;
     currentVersion?: string;
     description?: string;
     detectedAt: string;
     detectionConfidence: number;
     detectionMethod:   | "llm-analysis"
        | "manual"
        | "package-json"
        | "requirements-txt"
        | "code-comment";
     id: string;
     lastChanged?: string;
     lastChecked: string;
     monitoring?: {
        checkFrequency: "hourly" | "daily" | "weekly" | "monthly";
        enabled: boolean;
        ignoreChanges: boolean;
        severityOverride?: "breaking" | "major" | "minor";
     };
     name: string;
     referencedIn: {
        context?: string;
        file: string;
        line?: number;
     }[];
     type:   | "reference-implementation"
        | "schema"
        | "documentation"
        | "research-paper"
        | "api-example"
        | "other";
     url: string;
  }[];
  generatedAt: string;
  generatedBy: {
     action: string;
     llmModel?: string;
     llmProvider: string;
     version: string;
  };
  repository: {
     branch: string;
     commit: string;
     name: string;
     owner: string;
  };
  statistics: {
     averageConfidence: number;
     byAccessMethod: Record<string, number>;
     byDetectionMethod: Record<string, number>;
     byType: Record<string, number>;
     falsePositiveRate?: number;
     totalDependencies: number;
  };
  version: "1.0.0";
};

Defined in: packages/manifest/src/manifest.ts:246

Merges an updated manifest generated by the detector over an existing one, optionally preserving manual entries and accumulated change history.

Parameters

Parameter	Type	Description
`existing`	{ `dependencies`: { `accessMethod`: `"context7"` \| `"arxiv"` \| `"openapi"` \| `"github-api"` \| `"http"`; `auth?`: { `secretEnvVar?`: `string`; `type`: `"token"` \| `"oauth"` \| `"basic"` \| `"none"`; }; `changeHistory`: { `detectedAt`: `string`; `falsePositive`: `boolean`; `issueNumber?`: `number`; `newVersion?`: `string`; `oldVersion?`: `string`; `severity`: `"breaking"` \| `"major"` \| `"minor"`; }[]; `currentStateHash`: `string`; `currentVersion?`: `string`; `description?`: `string`; `detectedAt`: `string`; `detectionConfidence`: `number`; `detectionMethod`: \| `"llm-analysis"` \| `"manual"` \| `"package-json"` \| `"requirements-txt"` \| `"code-comment"`; `id`: `string`; `lastChanged?`: `string`; `lastChecked`: `string`; `monitoring?`: { `checkFrequency`: `"hourly"` \| `"daily"` \| `"weekly"` \| `"monthly"`; `enabled`: `boolean`; `ignoreChanges`: `boolean`; `severityOverride?`: `"breaking"` \| `"major"` \| `"minor"`; }; `name`: `string`; `referencedIn`: { `context?`: `string`; `file`: `string`; `line?`: `number`; }[]; `type`: \| `"reference-implementation"` \| `"schema"` \| `"documentation"` \| `"research-paper"` \| `"api-example"` \| `"other"`; `url`: `string`; }[]; `generatedAt`: `string`; `generatedBy`: { `action`: `string`; `llmModel?`: `string`; `llmProvider`: `string`; `version`: `string`; }; `repository`: { `branch`: `string`; `commit`: `string`; `name`: `string`; `owner`: `string`; }; `statistics`: { `averageConfidence`: `number`; `byAccessMethod`: `Record`<`string`, `number`>; `byDetectionMethod`: `Record`<`string`, `number`>; `byType`: `Record`<`string`, `number`>; `falsePositiveRate?`: `number`; `totalDependencies`: `number`; }; `version`: `"1.0.0"`; }	The current on-disk manifest.
`existing.dependencies`	{ `accessMethod`: `"context7"` \| `"arxiv"` \| `"openapi"` \| `"github-api"` \| `"http"`; `auth?`: { `secretEnvVar?`: `string`; `type`: `"token"` \| `"oauth"` \| `"basic"` \| `"none"`; }; `changeHistory`: { `detectedAt`: `string`; `falsePositive`: `boolean`; `issueNumber?`: `number`; `newVersion?`: `string`; `oldVersion?`: `string`; `severity`: `"breaking"` \| `"major"` \| `"minor"`; }[]; `currentStateHash`: `string`; `currentVersion?`: `string`; `description?`: `string`; `detectedAt`: `string`; `detectionConfidence`: `number`; `detectionMethod`: \| `"llm-analysis"` \| `"manual"` \| `"package-json"` \| `"requirements-txt"` \| `"code-comment"`; `id`: `string`; `lastChanged?`: `string`; `lastChecked`: `string`; `monitoring?`: { `checkFrequency`: `"hourly"` \| `"daily"` \| `"weekly"` \| `"monthly"`; `enabled`: `boolean`; `ignoreChanges`: `boolean`; `severityOverride?`: `"breaking"` \| `"major"` \| `"minor"`; }; `name`: `string`; `referencedIn`: { `context?`: `string`; `file`: `string`; `line?`: `number`; }[]; `type`: \| `"reference-implementation"` \| `"schema"` \| `"documentation"` \| `"research-paper"` \| `"api-example"` \| `"other"`; `url`: `string`; }[]	-
`existing.generatedAt`	`string`	-
`existing.generatedBy`	{ `action`: `string`; `llmModel?`: `string`; `llmProvider`: `string`; `version`: `string`; }	-
`existing.generatedBy.action`	`string`	-
`existing.generatedBy.llmModel?`	`string`	-
`existing.generatedBy.llmProvider`	`string`	-
`existing.generatedBy.version`	`string`	-
`existing.repository`	{ `branch`: `string`; `commit`: `string`; `name`: `string`; `owner`: `string`; }	-
`existing.repository.branch`	`string`	-
`existing.repository.commit`	`string`	-
`existing.repository.name`	`string`	-
`existing.repository.owner`	`string`	-
`existing.statistics`	{ `averageConfidence`: `number`; `byAccessMethod`: `Record`<`string`, `number`>; `byDetectionMethod`: `Record`<`string`, `number`>; `byType`: `Record`<`string`, `number`>; `falsePositiveRate?`: `number`; `totalDependencies`: `number`; }	-
`existing.statistics.averageConfidence`	`number`	-
`existing.statistics.byAccessMethod`	`Record`<`string`, `number`>	-
`existing.statistics.byDetectionMethod`	`Record`<`string`, `number`>	-
`existing.statistics.byType`	`Record`<`string`, `number`>	-
`existing.statistics.falsePositiveRate?`	`number`	-
`existing.statistics.totalDependencies`	`number`	-
`existing.version`	`"1.0.0"`	-
`updated`	{ `dependencies`: { `accessMethod`: `"context7"` \| `"arxiv"` \| `"openapi"` \| `"github-api"` \| `"http"`; `auth?`: { `secretEnvVar?`: `string`; `type`: `"token"` \| `"oauth"` \| `"basic"` \| `"none"`; }; `changeHistory`: { `detectedAt`: `string`; `falsePositive`: `boolean`; `issueNumber?`: `number`; `newVersion?`: `string`; `oldVersion?`: `string`; `severity`: `"breaking"` \| `"major"` \| `"minor"`; }[]; `currentStateHash`: `string`; `currentVersion?`: `string`; `description?`: `string`; `detectedAt`: `string`; `detectionConfidence`: `number`; `detectionMethod`: \| `"llm-analysis"` \| `"manual"` \| `"package-json"` \| `"requirements-txt"` \| `"code-comment"`; `id`: `string`; `lastChanged?`: `string`; `lastChecked`: `string`; `monitoring?`: { `checkFrequency`: `"hourly"` \| `"daily"` \| `"weekly"` \| `"monthly"`; `enabled`: `boolean`; `ignoreChanges`: `boolean`; `severityOverride?`: `"breaking"` \| `"major"` \| `"minor"`; }; `name`: `string`; `referencedIn`: { `context?`: `string`; `file`: `string`; `line?`: `number`; }[]; `type`: \| `"reference-implementation"` \| `"schema"` \| `"documentation"` \| `"research-paper"` \| `"api-example"` \| `"other"`; `url`: `string`; }[]; `generatedAt`: `string`; `generatedBy`: { `action`: `string`; `llmModel?`: `string`; `llmProvider`: `string`; `version`: `string`; }; `repository`: { `branch`: `string`; `commit`: `string`; `name`: `string`; `owner`: `string`; }; `statistics`: { `averageConfidence`: `number`; `byAccessMethod`: `Record`<`string`, `number`>; `byDetectionMethod`: `Record`<`string`, `number`>; `byType`: `Record`<`string`, `number`>; `falsePositiveRate?`: `number`; `totalDependencies`: `number`; }; `version`: `"1.0.0"`; }	The freshly-detected manifest to merge.
`updated.dependencies`	{ `accessMethod`: `"context7"` \| `"arxiv"` \| `"openapi"` \| `"github-api"` \| `"http"`; `auth?`: { `secretEnvVar?`: `string`; `type`: `"token"` \| `"oauth"` \| `"basic"` \| `"none"`; }; `changeHistory`: { `detectedAt`: `string`; `falsePositive`: `boolean`; `issueNumber?`: `number`; `newVersion?`: `string`; `oldVersion?`: `string`; `severity`: `"breaking"` \| `"major"` \| `"minor"`; }[]; `currentStateHash`: `string`; `currentVersion?`: `string`; `description?`: `string`; `detectedAt`: `string`; `detectionConfidence`: `number`; `detectionMethod`: \| `"llm-analysis"` \| `"manual"` \| `"package-json"` \| `"requirements-txt"` \| `"code-comment"`; `id`: `string`; `lastChanged?`: `string`; `lastChecked`: `string`; `monitoring?`: { `checkFrequency`: `"hourly"` \| `"daily"` \| `"weekly"` \| `"monthly"`; `enabled`: `boolean`; `ignoreChanges`: `boolean`; `severityOverride?`: `"breaking"` \| `"major"` \| `"minor"`; }; `name`: `string`; `referencedIn`: { `context?`: `string`; `file`: `string`; `line?`: `number`; }[]; `type`: \| `"reference-implementation"` \| `"schema"` \| `"documentation"` \| `"research-paper"` \| `"api-example"` \| `"other"`; `url`: `string`; }[]	-
`updated.generatedAt`	`string`	-
`updated.generatedBy`	{ `action`: `string`; `llmModel?`: `string`; `llmProvider`: `string`; `version`: `string`; }	-
`updated.generatedBy.action`	`string`	-
`updated.generatedBy.llmModel?`	`string`	-
`updated.generatedBy.llmProvider`	`string`	-
`updated.generatedBy.version`	`string`	-
`updated.repository`	{ `branch`: `string`; `commit`: `string`; `name`: `string`; `owner`: `string`; }	-
`updated.repository.branch`	`string`	-
`updated.repository.commit`	`string`	-
`updated.repository.name`	`string`	-
`updated.repository.owner`	`string`	-
`updated.statistics`	{ `averageConfidence`: `number`; `byAccessMethod`: `Record`<`string`, `number`>; `byDetectionMethod`: `Record`<`string`, `number`>; `byType`: `Record`<`string`, `number`>; `falsePositiveRate?`: `number`; `totalDependencies`: `number`; }	-
`updated.statistics.averageConfidence`	`number`	-
`updated.statistics.byAccessMethod`	`Record`<`string`, `number`>	-
`updated.statistics.byDetectionMethod`	`Record`<`string`, `number`>	-
`updated.statistics.byType`	`Record`<`string`, `number`>	-
`updated.statistics.falsePositiveRate?`	`number`	-
`updated.statistics.totalDependencies`	`number`	-
`updated.version`	`"1.0.0"`	-
`options`	{ `preserveHistory?`: `boolean`; `preserveManual?`: `boolean`; }	Merge strategy options.
`options.preserveHistory?`	`boolean`	-
`options.preserveManual?`	`boolean`	-

Returns

{
  dependencies: {
     accessMethod: "context7" | "arxiv" | "openapi" | "github-api" | "http";
     auth?: {
        secretEnvVar?: string;
        type: "token" | "oauth" | "basic" | "none";
     };
     changeHistory: {
        detectedAt: string;
        falsePositive: boolean;
        issueNumber?: number;
        newVersion?: string;
        oldVersion?: string;
        severity: "breaking" | "major" | "minor";
     }[];
     currentStateHash: string;
     currentVersion?: string;
     description?: string;
     detectedAt: string;
     detectionConfidence: number;
     detectionMethod:   | "llm-analysis"
        | "manual"
        | "package-json"
        | "requirements-txt"
        | "code-comment";
     id: string;
     lastChanged?: string;
     lastChecked: string;
     monitoring?: {
        checkFrequency: "hourly" | "daily" | "weekly" | "monthly";
        enabled: boolean;
        ignoreChanges: boolean;
        severityOverride?: "breaking" | "major" | "minor";
     };
     name: string;
     referencedIn: {
        context?: string;
        file: string;
        line?: number;
     }[];
     type:   | "reference-implementation"
        | "schema"
        | "documentation"
        | "research-paper"
        | "api-example"
        | "other";
     url: string;
  }[];
  generatedAt: string;
  generatedBy: {
     action: string;
     llmModel?: string;
     llmProvider: string;
     version: string;
  };
  repository: {
     branch: string;
     commit: string;
     name: string;
     owner: string;
  };
  statistics: {
     averageConfidence: number;
     byAccessMethod: Record<string, number>;
     byDetectionMethod: Record<string, number>;
     byType: Record<string, number>;
     falsePositiveRate?: number;
     totalDependencies: number;
  };
  version: "1.0.0";
}

A new manifest object (does not mutate either input).

Name	Type	Default value	Defined in
`dependencies`	{ `accessMethod`: `"context7"` \| `"arxiv"` \| `"openapi"` \| `"github-api"` \| `"http"`; `auth?`: { `secretEnvVar?`: `string`; `type`: `"token"` \| `"oauth"` \| `"basic"` \| `"none"`; }; `changeHistory`: { `detectedAt`: `string`; `falsePositive`: `boolean`; `issueNumber?`: `number`; `newVersion?`: `string`; `oldVersion?`: `string`; `severity`: `"breaking"` \| `"major"` \| `"minor"`; }[]; `currentStateHash`: `string`; `currentVersion?`: `string`; `description?`: `string`; `detectedAt`: `string`; `detectionConfidence`: `number`; `detectionMethod`: \| `"llm-analysis"` \| `"manual"` \| `"package-json"` \| `"requirements-txt"` \| `"code-comment"`; `id`: `string`; `lastChanged?`: `string`; `lastChecked`: `string`; `monitoring?`: { `checkFrequency`: `"hourly"` \| `"daily"` \| `"weekly"` \| `"monthly"`; `enabled`: `boolean`; `ignoreChanges`: `boolean`; `severityOverride?`: `"breaking"` \| `"major"` \| `"minor"`; }; `name`: `string`; `referencedIn`: { `context?`: `string`; `file`: `string`; `line?`: `number`; }[]; `type`: \| `"reference-implementation"` \| `"schema"` \| `"documentation"` \| `"research-paper"` \| `"api-example"` \| `"other"`; `url`: `string`; }[]	-	packages/manifest/src/schema.ts:145
`generatedAt`	`string`	-	packages/manifest/src/schema.ts:130
`generatedBy`	{ `action`: `string`; `llmModel?`: `string`; `llmProvider`: `string`; `version`: `string`; }	-	packages/manifest/src/schema.ts:131
`generatedBy.action`	`string`	-	packages/manifest/src/schema.ts:132
`generatedBy.llmModel?`	`string`	-	packages/manifest/src/schema.ts:135
`generatedBy.llmProvider`	`string`	-	packages/manifest/src/schema.ts:134
`generatedBy.version`	`string`	-	packages/manifest/src/schema.ts:133
`repository`	{ `branch`: `string`; `commit`: `string`; `name`: `string`; `owner`: `string`; }	-	packages/manifest/src/schema.ts:138
`repository.branch`	`string`	-	packages/manifest/src/schema.ts:141
`repository.commit`	`string`	-	packages/manifest/src/schema.ts:142
`repository.name`	`string`	-	packages/manifest/src/schema.ts:140
`repository.owner`	`string`	-	packages/manifest/src/schema.ts:139
`statistics`	{ `averageConfidence`: `number`; `byAccessMethod`: `Record`<`string`, `number`>; `byDetectionMethod`: `Record`<`string`, `number`>; `byType`: `Record`<`string`, `number`>; `falsePositiveRate?`: `number`; `totalDependencies`: `number`; }	-	packages/manifest/src/schema.ts:147
`statistics.averageConfidence`	`number`	-	packages/manifest/src/schema.ts:152
`statistics.byAccessMethod`	`Record`<`string`, `number`>	-	packages/manifest/src/schema.ts:150
`statistics.byDetectionMethod`	`Record`<`string`, `number`>	-	packages/manifest/src/schema.ts:151
`statistics.byType`	`Record`<`string`, `number`>	-	packages/manifest/src/schema.ts:149
`statistics.falsePositiveRate?`	`number`	-	packages/manifest/src/schema.ts:153
`statistics.totalDependencies`	`number`	-	packages/manifest/src/schema.ts:148
`version`	`"1.0.0"`	`ManifestVersionSchema`	packages/manifest/src/schema.ts:129

Remarks

The merge strategy is:

All entries from updated are taken as the new ground truth.
If preserveManual is true (default), manual entries in existing that are absent from updated are appended as-is.
If preserveHistory is true (default), any changeHistory from existing is prepended to the corresponding entry in updated.

Statistics are recalculated from the merged dependency list.

Use When

Applying the output of Detector to an existing manifest without losing manually-curated entries or historical change records.

Avoid When

You want to completely replace the existing manifest — just write updated directly via writeManifest.

Pitfalls

Matching between existing and updated uses id or url. If the URL of a dependency changes (e.g. a redirect is resolved), the entry will be treated as new and history will not be preserved.
preserveManual: true can re-add entries that were intentionally removed from the repository. Set it to false when performing a deliberate full refresh.

src

Enumerations

Classes

Interfaces

Functions

src

Detector

Other

src

GitHub Client

Other

src

Manifest

Other

src

Monitor

Other

src

Other

plugin-arxiv

src

Other

plugin-context7

src

Other

plugin-skills

src

Other

Plugins

src

Test Utilities

src

Utils

Function: mergeManifests() ​

Parameters ​

Returns ​

Remarks ​

Use When ​

Avoid When ​

Pitfalls ​

Function: mergeManifests()

Parameters

Returns

Remarks

Use When

Avoid When

Pitfalls